For the past couple of years, Microsoft has been issuing a semi-annual report on the security threat landscape. The latest version of the Security Intelligence Report (SIR), v5, was released last Monday. Microsoft appears to be taking security seriously these days: “…during the first half of 2008 (1H08), there were fewer disclosures of Microsoft vulnerabilities than for the industry as a whole; in fact, Microsoft vulnerabilities were down 33.6 percent in 1H08.
“However, it is alarming to see that more than 90 percent of vulnerabilities disclosed in 1H08 affected applications, and nearly half of all industry vulnerabilities are rated as High Severity. Additionally, 1H08 showed how threats are increasingly affecting a variety of vendors beyond Microsoft. Issues now cross multiple vendors and illustrate how different technologies behave together and then create complex, blended threats.”
At 150 pages, the SIR is no light read; it’s a thorough analysis of the security threat landscape based on several well-known industry sources as well as “Telemetry from several customer-focused Microsoft security products and services, including the Malicious Software Removal Tool (MSRT), Windows Defender, Windows Live OneCare, and Exchange Hosted Services, representing a total user base of several hundred million computers…”
The announcement, Microsoft Security Intelligence Report Volume 5 is Now Available, posted on the Microsoft Malware Protection Center blog, describes a couple of interesting key findings from the report.